CVE-2006-2866

DotClear 1.2.4 - Remote File Inclusion via blog_dc_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2866. PoCs published by rgod.

AI-analyzed exploit summary This exploit leverages a remote file inclusion vulnerability in DotClear <= 1.2.4 by manipulating the 'blog_dc_path' parameter to include a malicious 'prepend.php' file from an FTP server, enabling arbitrary command execution.

Description

PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1869

View Code ZIP pw:eip

This exploit leverages a remote file inclusion vulnerability in DotClear <= 1.2.4 by manipulating the 'blog_dc_path' parameter to include a malicious 'prepend.php' file from an FTP server, enabling arbitrary command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: DotClear <= 1.2.4

No auth needed

Prerequisites: PHP5 with register_globals=On and allow_url_fopen=On · Access to an FTP server hosting the malicious prepend.php file

MITRE ATT&CK